APPLICATION CONTROL : FACEBOOK POLICY IS NOT WORKING

Hi SOPHOS COMMUNITY, ENGINEER and ARCHITECT

Good Day

Have you encountered that the FACEBOOK SUB application bypass your POLICY.

Here is the Scenario.

Under Application control, I ONLY allow facebook POST  and DENY ALL OTHER FEATURES like (facebook comment, like, video, message etc)

then my policy is NOT WORKING 100%, you can comment, like, message etc 

How to SOLVE this kind of ISSUE??

Attached Screenshot for your reference 

SG135w (SFOS 16.05.0 RC-1)

 

Thank you

 

 

  • kunkka,

    in order to allow/block micro-apps, you need to:

    • enable decrypt and scan on the firewall rule where the Application is applied
    • make sure micro-app scanning is enabled: system application_classification microapp-discovery show

    Regards

  • In reply to lferrara:

    Hi Sir lferrara,

    Good Day

    Thank you for your professional support.

    I already perform your advise, but then something weird happen I think I missed some configurations that's why www.facebook.com was blocked by my browser.! 

    Can you assist me again in this matter?

    Please find attached screenshot for my configurations and blocked facebook webpage

     

     



  • In reply to kunkka proudmore:

    Hi Sir lferrara,

    Good Day

    Sir I found out that the error was caused by not issuing certificate on my Browser.

    I followed the  SSL CA Certification Guide on Knowledge base https://community.sophos.com/kb/en-us/123048, it allow me to access on facebook.com

    But then, you can LIKE, Comment etc into facebook supposedly it must be blocked  by my firewall rule.

    Thank you.

  • In reply to kunkka proudmore:

    kunkka,

    use the log viewer in order to understand which firewall rule is matched (for allowed traffic).

    If you are unsure, move this rule to the top or share with us your Firewall rules.

    Regards

  • In reply to lferrara:

    Hi Sir lferrara

    Good Day

    I already moved this into top of my fwall rule

    Please find attached screenshot

    Thank you Sir

  • In reply to kunkka proudmore:

    Hi Sir lferrara

    Good Day

    From SSH perspective, I prompt this command  system application_classification microapp-discovery show 

    It is currently off, do i need to turn it ON? 

    Thank you Sir

    Attached screenshot for your reference.

     

  • In reply to kunkka proudmore:

    That's why micro-app scanning is not working.

    Enable it and try again!

  • In reply to lferrara:

    Hi Sir lferrara,

    According to this KB https://community.sophos.com/kb/en-us/126550

    if I enter this command 

    system application_classification microapp-discovery show

     

    and the result is OFF

    this will be the next command to be entered.

    system application_classification microapp-discovery off

     

     

    ..... or much this will be the right command system application_classification microapp-discovery ON

     

    Thank you

  • In reply to kunkka proudmore:

    kunkka,

    you need to activate micro-app discovery, so the ON switch must be used. Go on Sophos Website and download the CLI documentation for more commands.

    Regards

  • In reply to lferrara:

    Hi Sir lferrara,

    I will turn it ON now,,, and i will get back to you whatever the results may be..

    thank you sir 

  • In reply to kunkka proudmore:

    Hi Sir  lferrara,

    After upon turning ON micro app discovery it is 90 % working

    The ONLY issue that is pending is the VIDEO PLAYBACK ong Facebook, currently u can play any shared/uploaded videos on facebook...
    is there any way to prohibit that?


    thank you

  • In reply to kunkka proudmore:

    kunkka,

    use the application and web filtering logs in order to understand what is still missing for videos on Facebook and block them accordingly.

    Regards

  • Configure a Web Category and add the keyword "fbcdn" add it in the Web filter policy; block HTTPS in the category definition and don't forget to turn ON its status. That should block the FB Videos.

    Cheers-

  • In reply to sachingurung:

     

    thanks for sharing this tip, however because XG is correctly recognize FBVideos (from your screenshot), users should not need to create a keyword filter.

    Do you plan a fix for this?

    Maybe into v17, this can be improved and remove even the necessity to enable HTTPS. I understand it is safe but a big pain for big installation. This limit does not exist on UTM9.

    Thanks

  • In reply to lferrara:

    Hi Luk,

    This should be already known by the support team and a fix will be introduced. I came across this glitch only when I reproduced it. 

    Cheers